Why do I get a 401 Unauthorized error?

Check if your AgentLLM key is valid and correctly passed in the Authorization header. You can regenerate the key under Test → LLM → Keys.

Why is the wrong version of my agent responding?

Check the 'model' string in your request. Make sure you're using the correct version tag like @dev, @prod, or @1.0.

What do I do if my request returns no output?

Confirm that your agent is correctly configured and LLM is toggled on. Then inspect logs under Deployments → Logs.

How do I find the correct baseURL and model string?

Go to Test → LLM → Code. Always copy the baseURL and model directly from there to avoid typos or environment mismatches.

Authentication Types

You can secure your agents and their integrations using multiple authentication methods in SmythOS. These help control access, protect sensitive data, and ensure authorized usage.

Why it matters

Use authentication to safeguard your agent workflows, API access, and user interactions. Always store secrets in the Vault and configure token-based systems properly.

Authentication Methods

Choose the right method based on your use case. All authentication types rely on the Vault to securely store and inject credentials into workflows.

API Key Authentication

Use for simple integrations with services that require static tokens.

Add your API key to the Vault
Reference it inside your agent’s API components
SmythOS injects it automatically when the workflow runs

OAuth Authentication

Use for secure, delegated user access via providers like Google, Microsoft, or custom IDPs.

Register your application with the identity provider
Add the client ID and secret to the Vault
Configure OAuth in your agent using the Authentication Settings

You’ll also need to define a secure callback URL. See the OAuth setup guide for required fields and structure.

JWT Authentication

Use for stateless and secure token verification, often in internal systems.

Add your JWT secret or public key to the Vault
Configure JWT logic in your agent
Validate tokens passed with incoming requests

Best Practices

Do not hardcode secrets in your agent’s logic
Use the Vault for all credentials and keys
Rotate keys regularly to reduce security risk
Minimize scope when generating API keys or access tokens
Audit logs and monitor agent logs to detect misuse

What to Try Next

Learn how to manage secrets in the Vault
Add secure API requests to your agents

Was this page helpful?

Authentication Methods​

API Key Authentication​

OAuth Authentication​

JWT Authentication​

Best Practices​

What to Try Next​